The worldwide fear and uncertainty surrounding the novel coronavirus isn’t just being leveraged in malware and phishing attacks, as it has also enabled the spread of misinformation, fake cures and a variety of scams.

If you're selling fake cures for coronavirus, installing malware in apps designed for people to track the spread of the virus or posing as the CDC or WHO in phishing emails, the DOJ is coming after you. AG Barr directed all U.S. attorneys today to prioritize these prosecutions.

Cash App scammers leverage COVID-19

In October 2019, I wrote a blog series about opportunistic scammers targeting legitimate giveaways from Cash App, the popular person-to-person (P2P) payment application. In the months since, the scammers’ activities have continued, but with all the attention surrounding COVID-19, the Cash App scammers have started leveraging it as well.

Some Cash App scammers are simply adding the #coronavirus hashtag to their tweets in order to ride the hashtag.

In another instance, a Cash App scammer referenced the impact of the “Corona Virus” and how it is “cancelling” everything except “are (sic) bills.” They then propose their offer: $2,000 to the first 300 people to retweet their tweet, allegedly offering a grand total of $600,000 in a giveaway. This tweet also references another P2P application, Apple Pay. They reference it because not everyone uses Cash App, but there are a lot of Apple iPhone users. The tweet also includes the hashtags “#CoronavirusOutbreak” and “#CoronaVirusUpdate” instead of anything Cash App related.

Finally, another Cash App scammer uses both the “#COVID19” and “#CoronavirusOutbreak” hashtags along with a “#CashappMonday” hashtag. The tweet implies that because of the virus, they’re sending money to users. In this case, the first 500 people could receive anywhere between $300 to $1500. This tweet struck a chord with users on Twitter, receiving over 675 retweets and 963 likes at the time I observed it.

All three scenarios center around money flipping. The Cash App scammers claim they can flip transactions, turning a small denomination of $10 into $100, for example. They claim they can modify the transactions in post through the P2P application, whether it be Cash App, Paypal, Zelle, Venmo or Apple Pay. All they ask for is that the recipient share the initial cut with them for providing them this so-called service. As you might expect, the victims won’t receive anything in return. They’ll be left high and dry after parting ways with their money.

Misinformation around COVID-19 is a growing problem

Social media provides a valuable avenue for real-time information on current events, such as the situation surrounding COVID-19. At the same time, it enables the dissemination of misinformation.

In late January, a fake document began circulating that falsely claimed cases of COVID-19 were detected in the city of Carson, California. This document contained official logos of the World Health Organization (WHO), U.S. Centers for Disease Control and Prevention (CDC) and Los Angeles County Department of Public Health. The Los Angeles Police Department tweeted on February 10 that they were “seeking information” on the party responsible for spreading this misinformation.

Rumors of a nationwide quarantine in the United States

One of the biggest pieces of misinformation to circulate through text and social media are screenshots of text messages claiming that the United States will be instituting a nationwide shutdown or quarantine for an extended period of time. These text messages claim that the original author spoke to a relative or someone who had connections to someone “really high up in the government” or the CDC, as a way of legitimizing their claims.

While the premise varies, the intention is the same – spread misinformation about the possibility of a nationwide quarantine.

To set the record straight, the U.S. National Security Council (NSC) tweeted that these text message rumors were fake. “There is no national lockdown,” the NSC said.

Offers of fake COVID-19 test kits

In Toronto, Canada, there are reports that scammers have begun knocking on doors, claiming to offer COVID-19 test kits. This report was identified and debunked in a tweet from Toronto’s fire chief, Matthew Pegg.

Fake messages from government agencies

The Australian Cyber Security Centre reports that Australians should keep an eye out for scam texts alleged to be from the Australian government, offering advice on “symptoms and when to get tested” along with a link to a website, http://covid19-info[.]online.

In our previous blog post about COVID-19, we referenced a report from Check Point Research that found that since January, 4,000 domain names including the word “coronavirus” had been registered. The example above supports that outside of “coronavirus,” scammers are registering domains containing “COVID19.” Creating domain names using phrases like coronavirus and COVID19 are used to present false legitimacy when sharing these as part of malicious emails, text messages or social media posts, so that when users receive them, they might be more inclined to trust them because they have these keywords in them. We expect more domains using these terms to be registered along with fake websites getting published, as scammers and cybercriminals continue to take advantage of the pandemic.

Unsolicited phone call scams

In Alberta, Canada, there are reports that Canadian residents are receiving unsolicited phone calls, claiming they have tested positive for COVID-19, followed by a request for credit card information.

In a tweet, Alberta Health Services debunked the claim, saying they would never ask for credit card information.

AHS will never call & ask for credit card information. Please hang up immediately and report by calling the non-emergency line for local law enforcement.

In Alameda County, California, the sheriff’s office was notified by a victim who received a phone call from a scammer claiming that a loved one had been diagnosed with COVID-19 and was in an accident on their way to a hospital. The scammer said this loved one was arrested and needed to be bailed out to the tune of $13,000. The scammer would “send a friend” to collect the bail money.

Coronavirus Scam: We had our first scam where victim received a phone call saying loved one had Covid-19 and was in accident on way to hospital. The loved one was arrested for accident and needed $13k bail. Suspect said they would send friend to pick up money. Be aware!

In Daly City, California, the police department says it is aware of scams where people are claiming to be from the CDC. These scams claim to offer reservations for a COVID-19 vaccine and require “a credit card and/or social security number.” The Daly City Police Department debunked these claims, saying there is no such “vaccine reserve program.”

New scam: People are claiming to be from the CDC offering to let people "reserve a vaccine for the COVID-19" with a credit card and/or social security number. There is no vaccine reserve program, and the CDC is not offering anything of the sort. Do not fall prey!

Users who click the link in the text message are redirected to a website that claims to offer cash from as low as $1,000 to as much as $5,000.

Further information on the website reveals that it’s designed to put the visitors in touch with lenders to secure a loan. The scammers are likely referring users to this lender website to earn a referral bonus.

Work from home/job opportunity scams

The impact of COVID-19 has created challenges for those seeking work, while also adding uncertainty around existing work and the possibility of lost wages. As social distancing has been strongly encouraged by WHO and CDC, it makes it difficult to find work. As a result, this has become another area ripe for scammers, as they utilize COVID-19 to peddle job opportunity scams.

Brian Krebs recently reported that COVID-19 “widens the money mule pool” for scammers. A money mule is a person who transfers illegal money on behalf of criminals and keeps a commission fee for their efforts.

Krebs reports that a fraudulent website called Vasty Health Care Foundation, a fake Canadian foundation, copied most of its content from globalgiving.org. According to GlobalGiving’s chief product officer, Kevin Conroy, these fake job offers appear to be originating from job search websites like Indeed.com and Monster.com. While this report was focused on the fraudulent Canadian foundation, Krebs also learned that similar tactics are being employed to target Americans, according to Alex Holden, founder of Hold Security.

A Twitter user shared a post reportedly from the El Camino Police Department stating that students at El Camino College in Torrance, California, are being targeted by job opportunity scams “under the guise of working at home due to the COVID-19 outbreak.”

Fake cures and misinformation circulates on WhatsApp

One of the other major areas of concern surrounding the fear and uncertainty of COVID-19 are fake cures and other false information spreading through popular messaging applications like WhatsApp.

Another viral WhatsApp message provides a so-called breathing exercise to help determine whether or not one has COVID-19. It also suggests taking “a few sips of water every 15 mins at least” because drinking liquids will “WASH them down through your oesophagus (sic) and into the stomach,” claiming that stomach acid will “kill all the virus.” These false claims have been debunked.

These are just some of the myriad of fake cures circulating on WhatsApp, from drinking lots of hot water, eating more ginger or increasing one's intake of vitamin C to more elaborate solutions.

Another WhatsApp message claims that placing cloves, cardamom, camphor and mace in a cloth and keeping it in one's pocket at all times is a remedy that will prevent “not just coronavirus, but no other virus will be able to harm you.”

A fake message claiming to be from the United Nations Children's Fund (UNICEF) mentions that avoiding ice cream and cold foods can protect against the virus. This message was debunked by UNICEF in a statement on their website from their deputy executive director for partnerships, Charlotte Petri Gornitzka.

Politico recently reported an audio recording was gaining traction through WhatsApp. The message claimed the Medical University in Vienna found patients who experienced the most severe symptoms from COVID-19 had been taking ibuprofen, a commonly used painkiller. This message was soon debunked by Johannes Angerer, spokesperson for the university. However, there are valid questions surrounding how ibuprofen affects COVID-19 patients, which are being looked into by the WHO.

Italy, which has been hit hard by COVID-19, has also seen an uptick in misinformation and fake cures being spread through WhatsApp, according to the BBC.

Fighting back against coronavirus scams and misinformation

As countries around the world fight back against COVID-19, the fear and uncertainty provides an excellent hook for scammers and peddlers of misinformation. We expect these will persist for quite some time.

Steps to take to help thwart misinformation, fake cures and scams around COVID-19

As we all work on our personal hygiene and practice social distancing, we can also play our part to help prevent the spread of misinformation and fight back against scammers.

Seek out information from trusted sources. WHO, CDC and other local health organizations are the most trustworthy places to get your information about COVID-19. Additionally, trusted news sources can also be a great place to gather information.

Be skeptical of phone calls and text messages around COVID-19. Scammers are counting on the fear and uncertainty around this virus to help fuel their efforts to steal money and sensitive information from unsuspecting individuals. Unsolicited phone calls and messages that you didn’t opt-in for are more than likely scams, so chances are you should simply ignore the messages.

Recognize that work-from-home job opportunities are most likely scams. If you come across a job opportunity that claims you can earn lots of money by working from home, it’s likely fraudulent, especially if they ask you to transfer money and keep a cut for yourself. There’s no such thing as easy money.

Consult your medical professional to get care. Offers to provide you with a test kit via door-to-door salesmen or over the phone are fake. If you have questions about your symptoms and are seeking advice about getting tested, contact your primary care physician. If your symptoms are severe, call your local emergency services.

Avoid forwarding messages on WhatsApp or other social media about so-called cures or news related to COVID-19. The cures being shared around WhatsApp aren’t rooted in any science and should not be a replacement for the recommendations outlined above from WHO. Forwarding these messages helps disseminate misinformation. Be skeptical of news that’s also being shared across these platforms. Be sure to verify the news being shared with you to ensure it hasn’t been fabricated.

Remember that on social media and text messages, free money isn’t free. Even with discussions about providing economic relief in the U.S., elaborate offers for money aren’t free. Scammers will ask you to provide some money upfront before they “flip” it into a larger denomination, but you won’t receive anything in return. Scammers will also try to direct you to websites to fill out surveys and/or install mobile applications, with the promise of earning some money in return. These are just ways to turn you into a cog in the wheel for the scammers to steal money from you.

This is just the beginning, not only for COVID-19, but for scams leveraging it. We fully expect these scams will continue to grow and change accordingly as new information is made available publicly. While we’ve tried to capture some common themes we’ve identified in misinformation and scams surrounding COVID-19, know there are many that we’ve not yet observed or contemplated. The best way to deal with this fact is to remain skeptical.

Thank You

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

Thank You

Try Tenable.io Container Security

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Thank You

Thank you for your interest in the Tenable.io Container Security program. A representative will be in touch soon.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try Tenable Lumin

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Thank You

Thank you for your interest in Tenable Lumin. A representative will be in touch soon.

Request a demo of Tenable.ot

Get the Operational Technology Security You Need.Reduce the Risk You Don’t.

Thank You

Thank you for your interest in Tenable.ot. A representative will be in touch soon.

The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.